Security Vulnerabilities - CVEs Published In March 2022
aaPanel v6.8.21 was discovered to be vulnerable to directory traversal. This vulnerability allows attackers to obtain the root user's private SSH key (id_rsa).
CVSS Score: 6.5
EPSS Score: 0.031
Published: 2022-03-27

Falcon-plus v0.3 was discovered to contain a SQL injection vulnerability via the parameter grpName in /config/service/host.go.
CVSS Score: 9.8
EPSS Score: 0.017
Published: 2022-03-27

Use after free in mrb_vm_exec in GitHub repository mruby/mruby prior to 3.2.
CVSS Score: 7.2
EPSS Score: 0.002
Published: 2022-03-27

Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of approximately one hundred symbols. NOTE: the vendor's perspective is that the behavior is as intended.
CVSS Score: 7.2
EPSS Score: 0.002
Published: 2022-03-27

Marky commit 3686565726c65756e was discovered to contain a remote code execution (RCE) vulnerability via the Display text fields. This vulnerability allows attackers to execute arbitrary code via injection of a crafted payload.
CVSS Score: 9.8
EPSS Score: 0.022
Published: 2022-03-27

Notable v1.8.4 does not filter text editing, allowing attackers to execute arbitrary code via a crafted payload injected into the Title text field.
CVSS Score: 9.8
EPSS Score: 0.008
Published: 2022-03-27

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to password.cgi.
CVSS Score: 8.8
EPSS Score: 0.064
Published: 2022-03-26

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the sysNewPasswd and sysConfirmPasswd parameters to admin_account.cgi.
CVSS Score: 8.8
EPSS Score: 0.014
Published: 2022-03-26

NETGEAR R8500 1.0.2.158 devices allow remote authenticated users to execute arbitrary commands (such as telnetd) via shell metacharacters in the ipv6_fix.cgi ipv6_wan_ipaddr, ipv6_lan_ipaddr, ipv6_wan_length, or ipv6_lan_length parameter.
CVSS Score: 8.8
EPSS Score: 0.064
Published: 2022-03-26

stb_image.h (aka the stb image loader) 2.19, as used in libsixel and other products, has a reachable assertion in stbi__create_png_image_raw.
CVSS Score: 5.5
EPSS Score: 0.001
Published: 2022-03-26


Shodan ® - All rights reserved